The Office of the Australian Information Commissioner has released its Q2 statistics on notifications received under the Notifiable Data Breach (NDB) scheme. The 245 breach notifications in Q2 are on par with each other quarter since the scheme was introduced in July 2018.

The OAIC also announced it will now report twice a year on notifications received under the NDB scheme instead of quarterly.

While the majority of NDBs (62%) are attributed to malicious or criminal attacks, the second largest source of data breaches was human error, such as sending personal information to the wrong recipient via email (35 per cent), unauthorised disclosure through the unintended release or publication of personal information (18 per cent), as well as the loss of paperwork or data storage device (12 per cent).

Malicious or criminal attacks were the largest source of data breaches this quarter, accounting for 62 per cent of all data breaches. Of these 151 data breaches, 69.5 per cent involved cyber incidents such as phishing, malware or ransomware, brute-force attacks, or compromised or stolen credentials.

Theft of paperwork or data storage devices was another source of malicious or criminal attacks (14.5 per cent). Other sources included actions taken by a rogue employee or insider threat (8 per cent), as well as social engineering or impersonation (8 per cent).

The majority of data breaches in the period involved the personal information of 100 individuals or fewer (62 per cent of data breaches).

Data breaches impacting between one and 10 individuals comprised 42 per cent of the notifications.

The top sector to report data breaches under the NDB scheme was the private health service provider sector (health sector) (19 per cent). The second largest source of data breaches was the finance sector (17 per cent). This was followed by the legal, accounting and management services sector (10 per cent), the private education sector (education) (9 per cent), and the retail sector (6 per cent).

Download the full report HERE